[Samba] Urgent Problem with failed new User Login to computers on Samba AD Domain
Rowland Penny
rowlandpenny at googlemail.com
Thu May 8 03:08:10 MDT 2014
On 07/05/14 23:10, Notify Me wrote:
> Hi!
>
> I am using a very, very old Samba 4 AD server (Samba 4.0.0alpha14
> (randomdata)) on a CentOS release 5.10 (Final) 64 bit server.
>
> I have not upgraded to the latest yet because I am not very certain
> what to do to upgrade it without losing my domain objects, and custom
> scripts. It has been working OK so far until today.
> (Any tips on how to upgrade without losing everything on it would be welcome).
>
> My main problem is I created new user accounts as per usual (using
> ADUC on a dedicated Win XP VM).
> I was informed one of the user accounts was in Error and therefore I
> had to edit and modify the name and login name (also with ADUC). I was
> informed the user couldnt login at all. I have deleted the account,
> and recreated it both with ADUC and with samba-tool, but login fails,
> except from the dedicated ADUC Windows XP which I find very curious.
> Browsing shares on the samba server is fine:
>
> [root at dc ~]# smbclient //dc/netlogon -Ucosmo.egere%12345678
> Domain=[WESTFIELDNRG] OS=[Unix] Server=[Samba 4.0.0alpha14 (randomdata)]
> smb: \> q
>
> but browsing to the local samba3 server (which is a member of the domain fails):
> [root at dc ~]# smbclient //files/cosmo.egere -Ucosmo.egere%12345678
> session setup failed: NT_STATUS_NO_LOGON_SERVERS
>
> I have tried to do a debug, I wonder if anyone can assist in why this
> is happening? And why it is consulting /etc/samba/smb.conf when the
> samba config file is in /usr/local/samba/etc/smb.conf?
>
> I've tried to reproduce the output with -d 5 below. Please help!
>
> Script started on Wed 07 May 2014 01:14:04 PM WAT
> �_root at dc:~�\[root at dc ~]# exit����smbclient //files/cosmos.egere
> -Ucosmo.egere%12345678 -d5
> INFO: Current debug levels:
> all: True/5
> tdb: False/0
> printdrivers: False/0
> lanman: False/0
> smb: False/0
> rpc_parse: False/0
> rpc_srv: False/0
> rpc_cli: False/0
> passdb: False/0
> sam: False/0
> auth: False/0
> winbind: False/0
> vfs: False/0
> idmap: False/0
> quota: False/0
> acls: False/0
> locking: False/0
> msdfs: False/0
> dmapi: False/0
> lp_load: refreshing parameters
> Initialising global parameters
> params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
> Processing section "[global]"
> doing parameter workgroup = WESTFIELDNRG
> doing parameter server string = Samba Server Version %v
> doing parameter security = user
> doing parameter passdb backend = tdbsam
> doing parameter load printers = yes
> doing parameter cups options = raw
> pm_process() returned Yes
> Attempting to register new charset UCS-2LE
> Registered charset UCS-2LE
> Attempting to register new charset UTF-16LE
> Registered charset UTF-16LE
> Attempting to register new charset UCS-2BE
> Registered charset UCS-2BE
> Attempting to register new charset UTF-16BE
> Registered charset UTF-16BE
> Attempting to register new charset UTF8
> Registered charset UTF8
> Attempting to register new charset UTF-8
> Registered charset UTF-8
> Attempting to register new charset ASCII
> Registered charset ASCII
> Attempting to register new charset 646
> Registered charset 646
> Attempting to register new charset ISO-8859-1
> Registered charset ISO-8859-1
> Attempting to register new charset UCS2-HEX
> Registered charset UCS2-HEX
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> added interface ip=192.168.1.249 bcast=192.168.1.255 nmask=255.255.255.0
> added interface ip=192.168.5.249 bcast=192.168.5.255 nmask=255.255.255.0
> Netbios name list:-
> my_netbios_names[0]="DC"
> Client started (version 3.0.33-3.39.el5_8).
> Opening cache file at /var/cache/samba/gencache.tdb
> sitename_fetch: No stored sitename for
> name files#20 found.
> Connecting to 192.168.1.248 at port 445
> socket option SO_KEEPALIVE = 0
> socket option SO_REUSEADDR = 0
> socket option SO_BROADCAST = 0
> socket option TCP_NODELAY = 1
> socket option TCP_KEEPCNT = 9
> socket option TCP_KEEPIDLE = 7200
> socket option TCP_KEEPINTVL = 75
> socket option IPTOS_LOWDELAY = 0
> socket option IPTOS_THROUGHPUT = 0
> socket option SO_SNDBUF = 16384
> socket option SO_RCVBUF = 87380
> socket option SO_SNDLOWAT = 1
> socket option SO_RCVLOWAT = 1
> socket option SO_SNDTIMEO = 0
> socket option SO_RCVTIMEO = 0
> session request ok
> size=189
> smb_com=0x72
> smb_rcls=0
> smb_reh=0
> smb_err=0
> smb_flg=136
> smb_flg2=51201
> smb_tid=0
> smb_pid=2646
> smb_uid=0
> smb_mid=1
> smt_wct=17
> smb_vwv[ 0]= 8 (0x8)
> smb_vwv[ 1]=12803 (0x3203)
> smb_vwv[ 2]= 256 (0x100)
> smb_vwv[ 3]= 1024 (0x400)
> smb_vwv[ 4]= 65 (0x41)
> smb_vwv[ 5]= 0 (0x0)
> smb_vwv[ 6]= 256 (0x100)
> smb_vwv[ 7]=21760 (0x5500)
> smb_vwv[ 8]= 20 (0x14)
> smb_vwv[ 9]=64768 (0xFD00)
> smb_vwv[10]=33011 (0x80F3)
> smb_vwv[11]= 128 (0x80)
> smb_vwv[12]=55253 (0xD7D5)
> smb_vwv[13]=60889 (0xEDD9)
> smb_vwv[14]=53097 (0xCF69)
> smb_vwv[15]=50177 (0xC401)
> smb_vwv[16]= 255 (0xFF)
> smb_bcc=120
> size=189
> smb_com=0x72
> smb_rcls=0
> smb_reh=0
> smb_err=0
> smb_flg=136
> smb_flg2=51201
> smb_tid=0
> smb_pid=2646
> smb_uid=0
> smb_mid=1
> smt_wct=17
> smb_vwv[ 0]= 8 (0x8)
> smb_vwv[ 1]=12803 (0x3203)
> smb_vwv[ 2]= 256 (0x100)
> smb_vwv[ 3]= 1024 (0x400)
> smb_vwv[ 4]= 65 (0x41)
> smb_vwv[ 5]= 0 (0x0)
> smb_vwv[ 6]= 256 (0x100)
> smb_vwv[ 7]=21760 (0x5500)
> smb_vwv[ 8]= 20 (0x14)
> smb_vwv[ 9]=64768 (0xFD00)
> smb_vwv[10]=33011 (0x80F3)
> smb_vwv[11]= 128 (0x80)
> smb_vwv[12]=55253 (0xD7D5)
> smb_vwv[13]=60889 (0xEDD9)
> smb_vwv[14]=53097 (0xCF69)
> smb_vwv[15]=50177 (0xC401)
> smb_vwv[16]= 255 (0xFF)
> smb_bcc=120
> Doing spnego session setup (blob length=120)
> got OID=1 2 840 113554 1 2 2
> got OID=1 2 840 48018 1 2 2
> got OID=1 3 6 1 4 1 311 2 2 10
> got principal=cifs/files.westfieldnrg.com at WESTFIELDNRG.COM
> size=360
> smb_com=0x73
> smb_rcls=22
> smb_reh=0
> smb_err=49152
> smb_flg=136
> smb_flg2=51201
> smb_tid=0
> smb_pid=2646
> smb_uid=100
> smb_mid=2
> smt_wct=4
> smb_vwv[ 0]= 255 (0xFF)
> smb_vwv[ 1]= 0 (0x0)
> smb_vwv[ 2]= 0 (0x0)
> smb_vwv[ 3]= 233 (0xE9)
> smb_bcc=317
> size=360
> smb_com=0x73
> smb_rcls=22
> smb_reh=0
> smb_err=49152
> smb_flg=136
> smb_flg2=51201
> smb_tid=0
> smb_pid=2646
> smb_uid=100
> smb_mid=2
> smt_wct=4
> smb_vwv[ 0]= 255 (0xFF)
> smb_vwv[ 1]= 0 (0x0)
> smb_vwv[ 2]= 0 (0x0)
> smb_vwv[ 3]= 233 (0xE9)
> smb_bcc=317
> Got challenge flags:
> Got NTLMSSP neg_flags=0x60898215
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_NTLM2
> NTLMSSP_CHAL_TARGET_INFO
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x60088215
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_NTLM2
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> NTLMSSP challenge set by NTLM2
> challenge is:
> [000] B9 A0 C8 66 58 E7 8A E6 ...fX...
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x60088215
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_NTLM2
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> size=35
> smb_com=0x73
> smb_rcls=94
> smb_reh=0
> smb_err=49152
> smb_flg=136
> smb_flg2=51201
> smb_tid=0
> smb_pid=2646
> smb_uid=100
> smb_mid=3
> smt_wct=0
> smb_bcc=0
> size=35
> smb_com=0x73
> smb_rcls=94
> smb_reh=0
> smb_err=49152
> smb_flg=136
> smb_flg2=51201
> smb_tid=0
> smb_pid=2646
> smb_uid=100
> smb_mid=3
> smt_wct=0
> smb_bcc=0
> SPNEGO login failed: No logon servers
> session setup failed: NT_STATUS_NO_LOGON_SERVERS
> �_root at dc:~�\[root at dc ~]# smbclient //files/cosmos.egere
> -Ucosmo.egere%12345678
> -d5�����������������������������[1P��[1P��[1P��[1P��[1P��[1P��[1P��[1P��[1P��[1P��[1P��[1P��[1P��[1P��[1P��[1P��[1P��[1P��[1P�[1@/�[1 at d�[1 at c�[1@/�[1 at n�[1 at e�[1 at t�[1 at l�[1 at o�[1 at g�[1 at o�[1 at n
> INFO: Current debug levels:
> all: True/5
> tdb: False/0
> printdrivers: False/0
> lanman: False/0
> smb: False/0
> rpc_parse: False/0
> rpc_srv: False/0
> rpc_cli: False/0
> passdb: False/0
> sam: False/0
> auth: False/0
> winbind: False/0
> vfs: False/0
> idmap: False/0
> quota: False/0
> acls: False/0
> locking: False/0
> msdfs: False/0
> dmapi: False/0
> lp_load: refreshing parameters
> Initialising global parameters
> params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
> Processing section "[global]"
> doing parameter workgroup = WESTFIELDNRG
> doing parameter server string = Samba Server Version %v
> doing parameter security = user
> doing parameter passdb backend = tdbsam
> doing parameter load printers = yes
> doing parameter cups options = raw
> pm_process() returned Yes
> Attempting to register new charset UCS-2LE
> Registered charset UCS-2LE
> Attempting to register new charset UTF-16LE
> Registered charset UTF-16LE
> Attempting to register new charset UCS-2BE
> Registered charset UCS-2BE
> Attempting to register new charset UTF-16BE
> Registered charset UTF-16BE
> Attempting to register new charset UTF8
> Registered charset UTF8
> Attempting to register new charset UTF-8
> Registered charset UTF-8
> Attempting to register new charset ASCII
> Registered charset ASCII
> Attempting to register new charset 646
> Registered charset 646
> Attempting to register new charset ISO-8859-1
> Registered charset ISO-8859-1
> Attempting to register new charset UCS2-HEX
> Registered charset UCS2-HEX
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> added interface ip=192.168.1.249 bcast=192.168.1.255 nmask=255.255.255.0
> added interface ip=192.168.5.249 bcast=192.168.5.255 nmask=255.255.255.0
> Netbios name list:-
> my_netbios_names[0]="DC"
> Client started (version 3.0.33-3.39.el5_8).
> Opening cache file at /var/cache/samba/gencache.tdb
> sitename_fetch: No stored sitename for
> name dc#20 found.
> Connecting to 127.0.0.1 at port 445
> socket option SO_KEEPALIVE = 0
> socket option SO_REUSEADDR = 0
> socket option SO_BROADCAST = 0
> socket option TCP_NODELAY = 1
> socket option TCP_KEEPCNT = 9
> socket option TCP_KEEPIDLE = 7200
> socket option TCP_KEEPINTVL = 75
> socket option IPTOS_LOWDELAY = 0
> socket option IPTOS_THROUGHPUT = 0
> socket option SO_SNDBUF = 50652
> socket option SO_RCVBUF = 87456
> socket option SO_SNDLOWAT = 1
> socket option SO_RCVLOWAT = 1
> socket option SO_SNDTIMEO = 0
> socket option SO_RCVTIMEO = 0
> session request ok
> size=181
> smb_com=0x72
> smb_rcls=0
> smb_reh=0
> smb_err=0
> smb_flg=136
> smb_flg2=34883
> smb_tid=0
> smb_pid=2647
> smb_uid=0
> smb_mid=1
> smt_wct=17
> smb_vwv[ 0]= 8 (0x8)
> smb_vwv[ 1]=12815 (0x320F)
> smb_vwv[ 2]= 256 (0x100)
> smb_vwv[ 3]= 0 (0x0)
> smb_vwv[ 4]= 48 (0x30)
> smb_vwv[ 5]= 0 (0x0)
> smb_vwv[ 6]= 256 (0x100)
> smb_vwv[ 7]=22528 (0x5800)
> smb_vwv[ 8]= 10 (0xA)
> smb_vwv[ 9]=64768 (0xFD00)
> smb_vwv[10]= 227 (0xE3)
> smb_vwv[11]= 128 (0x80)
> smb_vwv[12]=12304 (0x3010)
> smb_vwv[13]=60898 (0xEDE2)
> smb_vwv[14]=53097 (0xCF69)
> smb_vwv[15]=50177 (0xC401)
> smb_vwv[16]=28927 (0x70FF)
> smb_bcc=112
> size=181
> smb_com=0x72
> smb_rcls=0
> smb_reh=0
> smb_err=0
> smb_flg=136
> smb_flg2=34883
> smb_tid=0
> smb_pid=2647
> smb_uid=0
> smb_mid=1
> smt_wct=17
> smb_vwv[ 0]= 8 (0x8)
> smb_vwv[ 1]=12815 (0x320F)
> smb_vwv[ 2]= 256 (0x100)
> smb_vwv[ 3]= 0 (0x0)
> smb_vwv[ 4]= 48 (0x30)
> smb_vwv[ 5]= 0 (0x0)
> smb_vwv[ 6]= 256 (0x100)
> smb_vwv[ 7]=22528 (0x5800)
> smb_vwv[ 8]= 10 (0xA)
> smb_vwv[ 9]=64768 (0xFD00)
> smb_vwv[10]= 227 (0xE3)
> smb_vwv[11]= 128 (0x80)
> smb_vwv[12]=12304 (0x3010)
> smb_vwv[13]=60898 (0xEDE2)
> smb_vwv[14]=53097 (0xCF69)
> smb_vwv[15]=50177 (0xC401)
> smb_vwv[16]=28927 (0x70FF)
> smb_bcc=112
> Doing spnego session setup (blob length=112)
> got OID=1 2 840 48018 1 2 2
> got OID=1 2 840 113554 1 2 2
> got OID=1 3 6 1 4 1 311 2 2 10
> got principal=not_defined_in_RFC4178 at please_ignore
> size=364
> smb_com=0x73
> smb_rcls=22
> smb_reh=0
> smb_err=49152
> smb_flg=136
> smb_flg2=51271
> smb_tid=0
> smb_pid=2647
> smb_uid=11277
> smb_mid=2
> smt_wct=4
> smb_vwv[ 0]= 255 (0xFF)
> smb_vwv[ 1]= 0 (0x0)
> smb_vwv[ 2]= 0 (0x0)
> smb_vwv[ 3]= 221 (0xDD)
> smb_bcc=321
> size=364
> smb_com=0x73
> smb_rcls=22
> smb_reh=0
> smb_err=49152
> smb_flg=136
> smb_flg2=51271
> smb_tid=0
> smb_pid=2647
> smb_uid=11277
> smb_mid=2
> smt_wct=4
> smb_vwv[ 0]= 255 (0xFF)
> smb_vwv[ 1]= 0 (0x0)
> smb_vwv[ 2]= 0 (0x0)
> smb_vwv[ 3]= 221 (0xDD)
> smb_bcc=321
> Got challenge flags:
> Got NTLMSSP neg_flags=0x60898205
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_NTLM2
> NTLMSSP_CHAL_TARGET_INFO
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x60088205
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_NTLM2
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> NTLMSSP challenge set by NTLM2
> challenge is:
> [000] 2F 53 C1 23 62 45 98 06 /S.#bE..
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x60088205
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_NTLM2
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> size=152
> smb_com=0x73
> smb_rcls=0
> smb_reh=0
> smb_err=0
> smb_flg=136
> smb_flg2=51271
> smb_tid=0
> smb_pid=2647
> smb_uid=11277
> smb_mid=3
> smt_wct=4
> smb_vwv[ 0]= 255 (0xFF)
> smb_vwv[ 1]= 0 (0x0)
> smb_vwv[ 2]= 0 (0x0)
> smb_vwv[ 3]= 9 (0x9)
> smb_bcc=109
> size=152
> smb_com=0x73
> smb_rcls=0
> smb_reh=0
> smb_err=0
> smb_flg=136
> smb_flg2=51271
> smb_tid=0
> smb_pid=2647
> smb_uid=11277
> smb_mid=3
> smt_wct=4
> smb_vwv[ 0]= 255 (0xFF)
> smb_vwv[ 1]= 0 (0x0)
> smb_vwv[ 2]= 0 (0x0)
> smb_vwv[ 3]= 9 (0x9)
> smb_bcc=109
> Mandatory SMB signing enabled!
> SMB signing enabled!
> Domain=[WESTFIELDNRG] OS=[Unix] Server=[Samba 4.0.0alpha14 (randomdata)]
> session setup ok
> size=54
> smb_com=0x75
> smb_rcls=0
> smb_reh=0
> smb_err=0
> smb_flg=136
> smb_flg2=51271
> smb_tid=16734
> smb_pid=2647
> smb_uid=11277
> smb_mid=4
> smt_wct=3
> smb_vwv[ 0]= 255 (0xFF)
> smb_vwv[ 1]= 0 (0x0)
> smb_vwv[ 2]= 1 (0x1)
> smb_bcc=13
> tconx ok
> dos_clean_name []
> unix_clean_name []
> smb: \> q
> size=35
> smb_com=0x71
> smb_rcls=0
> smb_reh=0
> smb_err=0
> smb_flg=136
> smb_flg2=51271
> smb_tid=16734
> smb_pid=2647
> smb_uid=11277
> smb_mid=5
> smt_wct=0
> smb_bcc=0
> �_root at dc:~�\[root at dc ~]# exit
> exit
>
> Script done on Wed 07 May 2014 01:14:31 PM WAT
Hi, can you please supply copies of all your smb.conf's , also you
mentioned that '/usr/local/samba/etc/smb.conf' should be consulted, but
'/etc/samba/smb.conf' was being consulted instead, do you have both ??
Rowland
More information about the samba
mailing list